A method for providing quality of service within a network of computers. The method includes a step of providing a network of computers, each being coupled to each other to form a local area network. The network of computers has a firewall server coupled to the network of computers and a traffic management tool coupled to the firewall server. The method also includes implementing traffic control for incoming and outgoing information using a combination of flow control and queuing techniques.
SYSTEM AND METHOD FOR MONITORING QUALITY OF SERVICE OVER NETWORK

RELATED APPLICATIONS

This present application claims priority to U.S. Ser. No. 60/067,857 filed Dec. 5, 1997, and U.S. Ser. No. 60/047,752 filed May 27, 1997, which are both hereby incorporated by reference for all purposes.

BACKGROUND OF THE INVENTION

The present invention relates to communication or telecommunication. More particularly, the present invention provides a technique, including a method and system, for monitoring and allocating bandwidth on a telecommunication network at, for example, a firewall access point. As merely an example, the present invention is implemented on a wide area network of computers or workstations such as the Internet. But it would be recognized that the present invention has a much broader range of applicability including local area networks, a combination of wide and local area networks and the like.

Telecommunication techniques have been around for numerous years. In the early days, people such as the American Indians communicated to each other over long distances using "smoke signals." Smoke signals were generally used to transfer visual information from one geographical location to be observed at another geographical location. Since smoke signals could only be seen over a limited range of geographical distances, they were soon replaced by a communication technique known as telegraph. Telegraph generally transferred information from one geographical location to another geographical location using electrical signals in the form of "dots" and "dashes" over transmission lines. An example of commonly used electrical signals is Morse code. Telegraph has been, for the most part, replaced by telephone. The telephone was invented by Alexander Graham Bell in the 1800s to transmit and send voice information using electrical analog signals over a telephone line, or more commonly a single twisted pair copper line. Most industrialized countries today rely heavily upon telephone to facilitate communication between businesses and people, in general.

In the 1990s, another significant development in the telecommunication industry occurred. People began communicating to each other by way of computers, which are coupled to the telephone lines or telephone network. These computers or workstations coupled to each other can transmit many types of information from one geographical location to another geographical location. This information can be in the form of voice, video, and data, which have been commonly termed as "multimedia." Information transmitted over the Internet or Internet "traffic" has increased dramatically in recent years. In fact, the increased traffic has caused congestion, which leads to problems in responsiveness and throughput. This congestion is similar to the congestion of automobiles on a freeway, such as those in Silicon Valley from the recent "boom" in high technology companies, including companies specializing in telecommunication. As a result, individual users, businesses, and others have been spending more time waiting for information, and less time on productive activities. For example, a typical user of the Internet may spend a great deal of time attempting to view selected sites, which are commonly referred to as "Websites," on the Internet. Additionally, information being sent from one site to another through electronic mail, which is termed "e-mail," may not reach its destination in a timely or adequate manner. In effect, quality of service or Quality of Service ("QoS") of the Internet has decreased to the point where some messages are being read at some time significantly beyond the time the messages were sent.

Quality of Service is often measured by responsiveness, including the amount of time spent waiting for images, texts, other data to be transferred, and by throughput of data across the Internet, and the like. Other aspects may be application specific, for example, jitter, quality of playback, quality of data transferred across the Internet, and the like.

Three main sources of data latency include: the lack of bandwidth at the user (or receiving) end, the general congestion of the Internet, and the lack of bandwidth at the source (or sending) end.

A solution to decreasing data latency includes increasing bandwidth of the user. This is typically accomplished by upgrading the network link, for example by upgrading a modem or network connection. For example, the network can be upgraded to X2 modems, 56K modems, ADSL [...] modems, ISDN service and modems, cable TV service and modems, and the like. Drawbacks to these solutions include that they typically require additional network service, they also require additional hardware and/or software, and further they require both the sender and receiver to be on the same hardware and/or software. Although one user may have a much faster line or faster modem, another user may still rely on the same 1,200 [...]. Information moving from one location to another location is often detained by [...] information which is being transferred over the network. Accordingly, users of faster technology are basically [...]. As is commonly stated in the network industry, [...]. A technique for improving the use of a wide area network is therefore highly desirable.

SUMMARY OF THE INVENTION

The present invention relates to a technique, including a method and system, for providing more quality to telecommunication services. More particularly, the present invention relates to quality of service management using a combination of flow control and queuing techniques to be applied to a flow of information at, for example, a firewall server. Quality of service is provided using a predominately software based bandwidth management tool in a specific embodiment.

In a specific embodiment, the present invention provides a system for providing quality of service within a network of computers. The present system has a network of computers, each being coupled to each other to form a local area network. A link is coupled to the network of computers. The system also has a traffic management tool coupled to the link, where the traffic management tool includes a flow control module and a queuing control module. The combination of these modules manages incoming and outgoing information to and from the link.

In an alternative embodiment, the present invention provides a novel method of managing information at a gateway site for improving quality of service to a network of computers. The method has a step of providing a flow of information to a bandwidth management tool disposed at a server. The flow of information is classified into at least a first portion and a second portion. The method applies flow control to the first portion of the information to be transferred to a first user location or a network link and applies queuing techniques to the second portion of the information
to be transferred to a second user location or a network link. The combination of flow control and queuing of incoming and outgoing information to and from a communication link provides managed packet flow.

In a further aspect, the present invention provides a system for managing information at a gateway site for improving quality of service to a network of computers. The present system includes a variety of computer codes to form computer software or a computer program in computer memory. The program includes a first code directed to classifying a flow of information into at least a first portion and a second portion, and a second code directed to applying flow control to the first portion of the information to be transferred to a first user location or link. A third code is directed to queuing the second portion of the information to be transferred to a second user location or link. The system also includes additional codes for carrying out the techniques described herein and others.

Numerous advantages are achieved by way of the present invention over pre-existing or conventional techniques. In a specific embodiment, the present invention provides a single point or a single region to manage telecommunication traffic including directory services and bandwidth management. Additionally, in some, if not all embodiments, the present invention can be implemented at a single point of access such as a computer terminal or firewall, for example. Furthermore, the present invention can be predominately software based and can be implemented into a pre-existing system by way of a relatively simple installation process. Moreover, the present invention provides more valued applications and users with a more reliable and faster service. Less critical applications and users are provided with a service level that is appropriate for them in some embodiments. In most embodiments, available bandwidth in a system is fairly shared between equally prioritized users (e.g., no user can monopolize or "hog" the system). Still further, link efficiency improves due to overall congestion avoidance in most cases. Moreover, the present invention implements its traffic management technique using a simple and easy to use "rule" based technique. These and other advantages are described throughout the present specification, and more particularly below.

Further understanding of the nature and advantages of the invention may be realized by reference to the remaining portions of the specification, drawings, and attached documents.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a simplified diagram of a system according to an embodiment of the present invention;

FIG. 2 is a simplified block diagram of system architecture according to an embodiment of the present invention;

FIG. 3 is a simplified diagram of a traffic management cycle according to an embodiment of the present invention;

FIGS. 4-7 are simplified diagrams of systems according to various embodiments of the present invention;

FIG. 8 is a simplified flow diagram of a rule-based control method according to the present invention; and

FIG. 9 is a simplified flow diagram of a control method using flow control and queuing control according to the present invention.

DESCRIPTION OF SPECIFIC EMBODIMENTS

An embodiment of the present invention provides integrated network service policies for firewall platforms. Specifically, the present invention provides network or firewall administrators with the ability to implement policy-based schema for security and resource management on firewall platforms. In a specific embodiment, resource management includes Network Quality of Service (QoS) or "bandwidth" management techniques.

Network QoS occurs by managing the resources that serve network application traffic, for example. This typically includes the following resources: link bandwidth, application server bandwidth (CPU), and buffer space on generally all nodes (end-points, routers and gateways). Typically, data through-put is limited by the speed of Internet access links and by the server CPU capacity, and response time is determined by the number of hops in a route, physical length of the route, and extent of congestion in the route. There are various other factors that may affect QoS, such as the behavior of TCP/IP, severe congestion anywhere in the route, prioritization of traffic along the route, etc. To the administrator, embodiments of the present invention provide [...] enforcement of traffic flow by management of the above resources.

Definitions

[...] present invention, it may assist the reader to understand some of the terms described herein. These terms have been briefly described below. These terms are merely examples and should not unduly limit the scope of the claims.

1. Traffic Management: [...] mechanisms including policies that can be applied to manage the network [...] and the like. These techniques are intended to improve overall network performance and efficiency. They are also intended to provide for more predictability and orderliness in the event of network congestion. The techniques should also isolate faults and provide visibility into performance problems. Additionally, they should meet the diverse user and application requirements as per an organization's business goals. Furthermore, traffic management is intended to increase the "goodput" traffic, based on the economic value, and prevent the abuse of network resources.

2. Quality of Service (QoS): The concept of Quality of Service (QoS) has been analyzed and discussed for a number of years in the networking industry, and was previously associated mostly with ATM technology. In a more generic sense, it describes the performance specifications that an application requires from the underlying infrastructure. Otherwise, the application will not run satisfactorily. Some applications are designed to run in a best-effort mode and can adapt to available bandwidth. Others are extremely sensitive to delays. Still others can produce large bursts in traffic which affect other applications while providing little perceptible improvement to the end-user. QoS specifications are closely associated with the expectations and perceptions of users and the organization they are part of.

3. Bandwidth: Bandwidth usually refers to the maximum bit rate available to an application. In a specific embodiment, synchronous, interactive, and real-time applications, which are bandwidth-sensitive, can require minimum bandwidth guarantees, and can require sustained and burst-scale bit-rates. On the other hand, network administrators may want to limit bandwidth taken by non-productive traffic such as push technologies like PointCast and others. Even though bandwidth may be allocated for specific applications, it does not mean that these applications may be using that bandwidth. Therefore, a good policy should be to enforce when there is competition and demand.
4. Latency: Latency generally refers to the delay experienced by a packet from the source to destination. Latency requirements are typically specified as mean-delay and, in some cases, worst case delay. Real-time audio/video, and interactive applications such as, for example, DNS, HTTP, and TELNET, are delay sensitive. Delay is a result of propagation delay, due to the physical medium, and queuing at intermediate nodes such as routers, gateways, or even servers. A certain portion of the delay can be controlled by how the queues are serviced at the intermediate nodes, and by controlling congestion at bottleneck points. Some examples of delay measures are packet round-trip delay and connection response time.

5. Jitter: Jitter generally refers to variation in delay (that is, the delay is not constant for all packets of a given flow) for a particular application. Real-time applications require a worst case jitter. Applications such as real-audio and video do some advance buffering to overcome any variation in packet delays; the amount of buffering is determined by the expected jitter.

6. Packet Loss: Packet loss is a loss of a packet or a portion of packets that is generally caused by failure of network elements (e.g., routers, servers) to forward or deliver packets. Packet loss is usually an indication of severe congestion, overload of an element, or element failure (e.g., if a server is down). Even if the packet was not dropped but just delayed, protocols and applications can assume it was lost. Packet loss can cause application timeouts, loss of quality or retransmitted packets. Packet loss is usually specified as a rate (e.g., a real-time video application cannot tolerate loss of more than one packet for every 10 packets sent). Indirect results of packet loss may also be measured (e.g., connection retries or data retransmits).

7. Guarantees: An extreme example of a guarantee is to partition bandwidth so that it is not available to other entities. Guarantee also means a share of the resource, e.g., minimum bandwidth or maximum latency.

8. Best-effort: Best-effort describes a service provided on a best-effort basis that makes no guarantees.

9. Limits: Specific physical or theoretical limitation on a resource such as bandwidth. Resource utilization or admission is limited under certain conditions.

10. Priority: Level of importance for a specific user, application, or data. A priority scheme is created among different entities so that contention is resolved or service is provided.

The above definitions are merely intended to assist the reader in understanding some of the terms described herein. They are not intended, in any manner, to limit the scope of the claims. One of ordinary skill in the art would recognize other variations, modifications, and alternatives.

System Overview

FIG. 1 illustrates a simplified system 100 according to an embodiment of the present invention. The system 100 is merely an illustration and should not limit the scope of the claims herein. One of ordinary skill in the art would recognize other variations, modifications, and alternatives. The present invention can be embodied as a TrafficWare™ firewall server 110 from Ukiah Software, Inc., but can be others. System 100 typically includes a file server 120, and a plurality of computers 130-150, coupled to a local area network (LAN) 160, and other elements. Firewall server 110 includes a typical connection to a wide area network (WAN) 170 and to a remote LAN 180 (such as an Intranet) and a typical network connection 190 to the Internet 200. Attached to Internet 200 are Web servers 210 and other computers 220.

As illustrated, computers such as computers 130, 140, and 210 communicate using any one or multiple application layer protocols such as Telnet, file transfer protocol (FTP), hypertext transfer protocol (HTTP), and the like. Further, communication across WAN 170 and across network connection 190 implements transport layer protocols such as transmission control protocol (TCP), user datagram protocol (UDP), and the like. LAN 160 and LAN 180 are preferably based upon network protocols such as Internet protocol (IP), IPX from Novell, AppleTalk, and the like. As shown in FIG. 1, network connection 190 may be accomplished using T1, ISDN, dial-up, and other hardware connections. Computers 120-150 and 210-220 may be any suitable make or model of computer that can be coupled to a network. The system can also include a variety of other elements such as bridges, routers, and the like.

In an alternative specific embodiment, the present invention may be applied to a system with various links accessed in servicing a browser request at a remote web server. In this embodiment, a client could be dialing in via a 28.8 kbit/s dial-up modem to a local Internet service provider (ISP), where the ISP may be connected to the Internet by a T1 link. A web server may be on a 10 Mbps Ethernet LAN, which is connected to another ISP via a 56 K frame relay. The web server's ISP may be connected to its carrier via a T3 line. The client ISP carrier and the server ISP carrier may both be connected by an ATM backbone or the like. Because of this asymmetry in this embodiment, any traffic management solution should take into account these variations including traffic speed and data format described above. Moreover, simply upgrading the capacity of a link in the access path may not offer a viable solution. This present embodiment may have the bandwidth requirements shown by way of Table 1, for example.



TABLE 1

Bandwidth Requirements

Users                                                  Bandwidth             Service Offered
Internet developers, individuals, international        28.8 to 56 Kbps       Dial-up services, ISDN
  locations where bandwidth is expensive
Small to medium-sized organizations with               56 Kbps to 1.5 Mbps   Fractional T1, frame relay
  moderate Internet usage
Medium sized organizations with many moderate          1.5 Mbps              Dedicated T1 circuit
  users, smaller organizations requiring huge
  amounts of bandwidth
Standard bandwidth for Ethernet-based LANs             10 Mbps               Ethernet, token ring (4 Mbps
                                                                             or 16 Mbps)
Bandwidth usage for large organizations or             45 Mbps               Dedicated T3 circuit
  Internet backbones
Huge bandwidth LAN backbone usage for medium           100 to 1,000 Mbps     Fast Ethernet, gigabit
  to large organizations (hundreds or thousands                              Ethernet
  of users)



As shown above, there exist a large number of diverse 
applications and protocols that are widely used and have 
their own performance requirements. For example, applica- 
tions such as mail (e.g., SMTP) and news (e.g., NNTP) are 
not interactive and are therefore not sensitive to delay. On 
the other hand, applications such as real-time conferencing are extremely sensitive to delay but not to packet loss.
Applications such as TELNET and DNS do not utilize 
significant bandwidth, but are sensitive to delay and loss. 
Conversely, applications such as FTP consume a great deal 
of bandwidth but are not that sensitive to delay. Generally, 
network applications can be categorized as: 

1. Interactive (e.g., delay sensitive) versus non-interactive 
(e.g., delay tolerant); 

2. Bandwidth intensive (bulk data) versus non-bandwidth 
intensive; and 

3. Bursty versus non-bursty. 

These categories are merely illustrative and should not limit 
the scope of the claims herein. Additionally, some applica- 
tion requirements are dependent on the context of use and 
the nature of data being accessed. Such applications can be 
described as being nominally interactive or nominally band- 
width intense. This means the description applies to many 
but not all the situations in which they are used. 
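The measures defined above (latency as mean and worst-case delay, jitter as delay variation, loss as a rate) and the requirement categories just listed can be computed and checked from a packet trace. The code below is an added example written for this page, not code from the patent or from Ukiah Software; the per-class thresholds, the flow names and the trace are constructed for it, except the one-lost-packet-in-ten limit for real-time video, which is the figure the definitions give. It also exercises the point made under Packet Loss that a packet which is merely late is treated by the application as lost: the same trace is measured once with no deadline and once with a 150 ms deadline, and the same video flow fails on delay and jitter in the first case and on loss in the second.

```python
# Added example, not the patent's code: per-flow latency, jitter and loss from a
# packet trace, checked against assumed per-class requirements.
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, Optional

INF = float("inf")


@dataclass(frozen=True)
class Packet:
    flow: str                  # application flow the packet belongs to
    seq: int                   # sender sequence number
    sent_ms: float
    recv_ms: Optional[float]   # None: the packet never arrived


@dataclass(frozen=True)
class FlowMetrics:
    sent: int
    received: int
    mean_delay_ms: float
    worst_delay_ms: float
    jitter_ms: float   # largest change in delay between consecutive received packets
    loss_rate: float   # fraction of sent packets the application did not get in time


@dataclass(frozen=True)
class Requirement:
    worst_delay_ms: float
    jitter_ms: float
    loss_rate: float


# Assumed requirements per Table 2 style class; only the 1-in-10 video loss
# figure comes from the definitions in the text.
REQUIREMENTS = {
    "interactive": Requirement(worst_delay_ms=200, jitter_ms=INF, loss_rate=0.0),
    "realtime": Requirement(worst_delay_ms=150, jitter_ms=30, loss_rate=0.10),
    "bulk": Requirement(worst_delay_ms=INF, jitter_ms=INF, loss_rate=0.05),
}


def measure(packets: List[Packet], deadline_ms: float = INF) -> Dict[str, FlowMetrics]:
    """Group the trace by flow and compute the QoS measures.

    A packet arriving later than deadline_ms counts as lost: as the definitions
    note, a protocol or application treats a merely late packet as dropped.
    """
    by_flow: Dict[str, List[Packet]] = {}
    for p in packets:
        by_flow.setdefault(p.flow, []).append(p)
    result = {}
    for flow, pkts in by_flow.items():
        pkts = sorted(pkts, key=lambda p: p.seq)
        delays = [p.recv_ms - p.sent_ms for p in pkts
                  if p.recv_ms is not None and p.recv_ms - p.sent_ms <= deadline_ms]
        jitter = max((abs(b - a) for a, b in zip(delays, delays[1:])), default=0.0)
        result[flow] = FlowMetrics(
            sent=len(pkts),
            received=len(delays),
            mean_delay_ms=mean(delays) if delays else INF,
            worst_delay_ms=max(delays) if delays else INF,
            jitter_ms=jitter,
            loss_rate=(len(pkts) - len(delays)) / len(pkts),
        )
    return result


def check(m: FlowMetrics, req: Requirement) -> List[str]:
    """Names of the requirements a flow violates; an empty list means it is within spec."""
    failures = []
    if m.worst_delay_ms > req.worst_delay_ms:
        failures.append("delay")
    if m.jitter_ms > req.jitter_ms:
        failures.append("jitter")
    if m.loss_rate > req.loss_rate:
        failures.append("loss")
    return failures


# Constructed trace: four DNS exchanges, and ten video packets of which
# seq 5 never arrives and seq 8 arrives 500 ms late.
TRACE = [Packet("dns", i + 1, s, r) for i, (s, r) in
         enumerate([(0, 20), (100, 125), (200, 230), (300, 322)])]
_VIDEO_DELAYS = [40, 45, 42, 60, None, 50, 48, 500, 47, 52]
TRACE += [Packet("video", i + 1, 20.0 * (i + 1), None if d is None else 20.0 * (i + 1) + d)
          for i, d in enumerate(_VIDEO_DELAYS)]

if __name__ == "__main__":
    for deadline in (INF, 150):
        for flow, m in measure(TRACE, deadline).items():
            req = REQUIREMENTS["interactive" if flow == "dns" else "realtime"]
            print(f"deadline={deadline} {flow}: worst={m.worst_delay_ms} "
                  f"jitter={m.jitter_ms} loss={m.loss_rate:.2f} violates={check(m, req)}")
```

The deadline parameter is the practical point: a monitoring tool that only looks at network delay sees the late video packet as a jitter and latency problem, while the receiving application sees it as loss, so the measure a policy enforces should be the one the application actually experiences.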

As merely an example. Table 2 provides some illustra- 
tions for these categories. 

TABLE 2

Application Spectrum

Application Class                                    Examples
Low-bandwidth, delay sensitive, highly interactive   DNS, PING, TELNET, CHAT, COLLABORATION
High bandwidth, delay sensitive                      Real-time audio and video
High bandwidth, nominally interactive                Web service requests, file downloads
Non-interactive                                      Mail and news

As shown in Table 2, low-bandwidth, delay sensitive, and highly interactive applications include, among others, DNS, PING, TELNET, CHAT, and COLLABORATION. High bandwidth and delay sensitive applications include at least real-time audio and video. Additional applications for high bandwidth and nominally interactive, or non-interactive, have also been shown. Again, these applications are merely provided for illustration and should not limit the scope of the claims herein.

The present invention can also be used with a number of files. For example, a number of common applications, such as FTP and HTTP, can handle a wide variety of files. The file types being transferred and downloaded place different demands on the underlying infrastructure. Index and HTML files take up limited bandwidth but have very mundane contents. On the other hand, GIF, JPEG, MPEG, and AVI files take up a lot more bandwidth but provide a rich multimedia experience to the end-user. In fact, push technologies such as PointCast basically download rich-multimedia bandwidth-intensive files.

The present invention can also be used with a variety of 
user requirements. For example, networks are facing an 
explosion in the number of (inter) networked applications 
and data accessible through them. Network resources are 
increasingly being used for a wide variety of purposes, 
ranging from business critical to personal. This means that
policies must ensure that scarce resources (e.g., Internet 
bandwidth) are utilized with the goal of maximizing the 
returns to the organization. These benefits can come from 
direct revenue generating activities or from improved pro- 
ductivity (or reduced loss of productivity). As shown in 
Table 3, for example, at a mythical company called "She- 
bang Software Inc." the highest bandwidth priority has been 
allocated to technical support. However, there is no hard and 
fast rule. As with security policies, decisions should be 
consistent with the needs of the organization. 



TABLE 3

Shebang Software User Priorities

Users                               Application Class   Reasons
Technical support                   Mission critical    Needs most bandwidth to deal with
                                                        customers who need assistance
Sales and marketing                 Critical            Needs bandwidth to deal with
                                                        potential customers. Answer
                                                        inquiries, make quotes, transmit
                                                        multimedia presentations
Upper management and middle         Casual              Needs bandwidth to perform tasks
  management, administrative                            necessary to run the business
Development and manufacturing       Personal            Needs bandwidth to send e-mail,
                                                        subscribe to Push technologies
The present invention takes into account, in one or more embodiments, the factors which are described specifically above. Although the above has been generally described in terms of a specific type of information, other types of information on a network can also be used with the present invention. Additionally, the present invention has been described in general to a specific system. For instance, the present bandwidth management tool can be applied at a network's Internet access link. Alternatively, the present tool can be applied to a private WAN link to a remote corporate site or an access to a server farm (e.g., a group of servers located in a special part of the network close to an access link, e.g., in a web hosting environment). Alternatively, the present invention can be applied to key servers (e.g., database/web server) within an organization servicing internal and/or external users. Furthermore, the present bandwidth management tool can be applied to any combination of the above or the like.

FIG. 2 is a simplified block diagram 200 of details of system architecture according to an embodiment of the present invention. The block diagram is merely an illustration and should not limit the scope of the claims herein. The architecture includes a variety of layers that each interface to each other as depicted by the layers. The system includes a network layer 211, which interfaces to incoming and outgoing information to the network. The network can be one of a variety including, among others, Ethernet and Token Ring. A physical layer 209 is disposed above the network layer 211. The physical layer can be personal computers, which are commonly called PCs, or network interface computers, which are commonly called NCs, or alternatively workstations. As merely an example, a personal computer can be an IBM PC compatible computer having a '586-class based microprocessor, such as a Pentium™ from Intel Corporation, but is not limited to such a computer or processor. An operating system ("OS") is used on the computer such as Windows NT™ from Microsoft Corporation, but can also be other OSs. The system is also coupled to a graphical user interface ("GUI") 201 and is coupled to directory services such as, for example, LDAP, but can be others. A detailed discussion of directory services is described in U.S. application Ser. Nos. 08/998,100, 08/998,313, and 08/999,096 which are commonly assigned, and hereby incorporated by reference for all purposes.

Directory services 224 and GUI 201 couple to an application programming interface ("API") 223. The API is coupled to a traffic management or bandwidth management tool 208 with at least three modules, including a policy engine module 231, a FAST module 229, and a FAIR module 227, which will be discussed in more detail below, but is not limited to these modules. The bandwidth management tool 208 can be predominantly software based and is substantially free from any significant hardware or software changes in the network. In a preferred embodiment, the bandwidth management tool 208 can be loaded onto a server without any changes to hardware. In an alternative preferred embodiment, the tool can install, configure, and operate on a conventional IBM compatible PC running an operating system such as, for example, Windows NT, but can be others. The tool can be deployed at any appropriate point in the network data path. The tool can also be stand-alone at the WAN access point (e.g., behind the Internet access router or behind a firewall), with a conventional firewall or with an NT based proxy/caching server or application server (e.g., a Web server).

Tool 208 performs incoming and/or outgoing manage- 
ment of information over the network of computers. In a 
specific embodiment, traffic management tool 208 performs inbound and outbound monitoring and control of flows by application, source address, destination address, URL, time of day, day of week, day of month, and other variations. In a specific embodiment, tool 208 also monitors, controls, and produces reports and alarms, which can enhance a whole spectrum of traffic monitoring and control activities ranging from bandwidth/latency control to capacity planning.

In a specific embodiment, the bandwidth management tool adapts to "real" changes on any pre-existing networking system. For example, network infrastructure management involves a continuous process of monitoring, reporting, and deploying changes to match network growth or changing needs in a growing office, for example. These changes exist at various levels and time scales. As merely examples, the network changes can be to enforce a QoS Policy for a critical service, add WAN bandwidth, segment the network, upgrade a router, choose a guaranteed service level for a web site (e.g., user's own web site), or notify "Mr. Hog" (i.e., a user occupying too much bandwidth) that he should schedule his large personal downloads at more prudent times such as late at night, for example.
Bandwidth Management Process 

The bandwidth management tool can employ these changes using, for example, the process shown in FIG. 3. This process is merely an illustration and should not limit the scope of the claims herein. As shown, FIG. 3 is a simplified diagram 300 of a traffic management cycle according to an embodiment of the present invention. The traffic management cycle is depicted as a continuous cycle, which includes a monitoring phase 301, a creating/applying policy phase 303, and a reporting/alarming phase 305, but is not limited to these cycles. That is, these cycles can be separated or combined depending upon the application. By way of this cycle, the tool can adapt to any changes to the networking system according to the present invention.

In an aspect of the present invention, the present tool can 
monitor and control activities at various times, e.g., seconds, 
days, weeks, months, years. Some details with regard to 
these control activities are shown below under the headings. 

1. Second to second 

The tool provides second to second time scale monitoring 
and control of incoming and outgoing traffic over the net- 
work. As merely an example, the tool ensures that critical or 
more important traffic gets a right of way during traffic 
bursts and provides bandwidth enforcement. Multiple users 
of the network at a specific time can cause the traffic burst. 
Alternatively, multiple sessions on the network at a specific 
time can cause the traffic burst. Once the traffic burst is 
detected, the tool has a control device, which provides 
bandwidth enforcement to ensure that the more important 
traffic gets through the network. 

2. Day to day 

The tool provides day to day time scale monitoring and 
control of incoming and outgoing traffic over the network. 
As merely an example, the tool manages time of day 
congestion, and responds to intermittent problems or per- 
ceived problems. The tool generally deals with problems or 
limitations that are very specific and isolated to particular 
users or particular services at particular times that need to be 
tracked down quickly. 

3. Week to week 

The tool provides week to week time scale monitoring 
and control of incoming and outgoing traffic over the net- 
work. The tool analyzes traffic usage performance patterns, 
what services or hosts are active on the network, and 
troubleshoots chronic problems. In particular, the tool looks 
at aggregates, such as a particular segment of the network, and compares Websites or compares groups of users for usage of bandwidth and frequency of usage.

4. Longer term activities

The tool provides long term time scale monitoring and control of incoming and outgoing traffic over the network. The tool implements changes in organizational priorities, in billing. The tool also provides service for new applications as they are introduced, and provides for capacity planning for network resources. The present tool can also be used with network stress testing tools to obtain detailed analysis of flows and traffic behavior with/without policy enforcement before a new application is deployed to change the network infrastructure.

Based upon the above description, the present tool can be used to monitor and control incoming and outgoing traffic over a variety of time frequencies. The time frequencies include second by second, day to day, or long term, and combinations thereof, depending upon the application. Of course, the time frequency used depends upon the particular network and applications.

FIGS. 4-7 are simplified diagrams of systems according to various embodiments of the present invention. These diagrams are merely illustrations and should not limit the scope of the claims herein. One of ordinary skill in the art would recognize other variations, alternatives, and modifications. These systems show various deployment scenarios according to the present invention.

1. Internet Service Provider (ISP)

FIG. 4 is a simplified diagram 400 of the present tool in an ISP environment according to the present invention. The diagram 400 includes a variety of elements such as an ISP LAN 401, which is coupled to network elements including a remote access concentrator 403, a web server 417, an FTP server 415, a router 413, a news server 411, and others. The tool 405 is coupled between the ISP LAN and router 407, which is connected to the Internet 409. In this embodiment, the ISP is providing a number of services to its customers and the present tool sits by the Internet link and manages inbound and outbound traffic.

2. Web Hosting Deployment

FIG. 5 is a simplified diagram 500 of the present tool in a web hosting environment according to the present invention. The diagram 500 includes a variety of elements such as a LAN BackBone 501, which is coupled to network elements including web servers 503, 511, 513, and others. The present tool 505 is coupled between LAN 501 and router 507, which is connected to the Internet 509. In the present embodiment, the tool is being used to manage inbound and outbound traffic between some Websites and the Internet. In a specific embodiment, most of the data being transmitted is multimedia-based, but is not limited to such data.

3. End-User Deployment

FIG. 6 is a simplified diagram 600 of the present tool in a campus environment according to the present invention. The diagram 600 includes a variety of features such as a campus network 601, which is coupled to network elements such as a desktop PC 603, a UNIX computer 617, an NT Server 615, a web server 613, directory services 611, and others. A bandwidth management tool 605 is coupled between campus network 601 and router 607, which is coupled to Internet 609. In this embodiment, a LAN or WAN supports a number of different setups and configurations, which compete for bandwidth to access the Internet. The present tool acts as an arbitrator for implementing rules, enforcing policies, and setting admissions for classes, as well as performing other acts.

4. Private WAN

FIG. 7 is a simplified diagram 700 of the present tool deployed for a large corporation that has an Intranet as well as an Internet. The diagram 700 includes a variety of elements or "children" such as a connection to Frankfurt 715, a connection to London 713, a connection to Hong Kong 717, and a connection to Paris 719. Each connection or child includes a router 705A, E, D, C, and the present tool 703A, E, D, C, which is coupled between the router and the hub ("HQ"). In a WAN-based environment, for example, HQ 701 is the hub that handles a number of independent systems (e.g., Frankfurt, London, Hong Kong, Paris), which can be LAN-based. In this embodiment, the present tool 703B also sits by the Internet 711 and is used to allocate bandwidth between the competing children, e.g., Frankfurt, London, Hong Kong, Paris. Router 705B is coupled between tool 703B and Internet 711.

Although the above descriptions have been made in terms of deploying the present tool in selected environments, the present tool can also be deployed in other environments. For example, the present tool can be deployed in any combination of the above. Alternatively, the present tool can be deployed in any portion of the above environments. Of course, the type of environment used by the present tool depends highly upon the application.

In a specific embodiment, the tool provides an easy to use interface or graphical user interface ("GUI") for performance monitoring and profiling (e.g., accounting). Profiling can be based on active services, clients and servers, among other parameters. Additionally, profiling of the network can be started as soon as the tool is installed into the server of the network. Accordingly, the tool provides immediate accounting and service measurement on a variety of QoS measures.

In a specific embodiment, the present tool generally uses two mechanisms to implement efficient traffic monitoring and traffic control. These mechanisms include processes performed by the FAST module and the FAIR module, which are shown in FIG. 2, for example. Additionally, the present tool uses a policy engine module 231, which oversees the FAST module 229 and the FAIR module 227. Some details of these modules are described as follows.

1. FAST Module (Flow Analysis and Session Tagging)

The FAST module generally provides for monitoring of incoming and outgoing information to and from the network or link. Flow Analysis and Session Tagging ("FAST") implements rich, application level traffic classification, and measurement. This operation is accomplished without introducing slow data paths, to minimize latency and maximize overall throughput of traffic through the tool management engine. As shown in the Fig., the FAST module provides for classification 203 of information such as parameters 213 including application, presentation, session, transport, and network. The FAST module also provides for measurement 219 of various parameters. The FAST module is coupled to the API.

2. FAIR Module (Flow Analysis and Intelligent Regulation)

The FAIR module generally implements traffic control and manages bandwidth of incoming and outgoing information to and from the network or link. Flow Analysis and Intelligent Regulation ("FAIR") implements traffic control based on a combination of flow control and queuing algorithms. FAIR's objective provides inbound and outbound traffic management for meaningful time intervals, reducing the load on packet classifiers and packet schedulers. The FAIR module controls 205 incoming and outgoing information to and from the network. Additionally, the FAIR module controls 205 by parameters 215 such as class, session, burst, packet, and others. The FAIR module also controls time 217 of allocating bandwidth for these parameters. The FAIR module is coupled to the API.

6,078,953

3. Policy Engine Module

The policy engine module 231 oversees the FAST and FAIR modules. The engine module also interfaces with the API. In an embodiment, the policy engine module includes a security policy 201, a traffic policy 202, and other policies 221. The security policy provides parameters for securing the present tool. The traffic policy defines specific limitations or parameters for the traffic.

Some definitions about the various modules have been described above. These definitions are not intended to be limiting. One of ordinary skill in the art would recognize other variations, modifications, and alternatives. Additionally, the modules described are generally provided in terms of computer software. Computer software can be used to program and implement these modules, as well as others. The modules can be combined or even separated, depending upon the applications. Functionality of the modules can also be combined with hardware or the like. In a specific embodiment, the present modules are implemented on a WindowsNT™ operating system, which has been developed by Microsoft Corporation. Of course, other operating systems can also be used. Accordingly, the present modules are not intended to be limiting in any manner.

In an embodiment, the present tool can be configured based upon at least the following components: traffic classes, traffic policies, traffic rules, and traffic entities. Some information about these components is described below.

1. Traffic Classes

The present tool identifies data flows at a network site based on traffic classes. A traffic class is any combination of the following, but is not limited to these:

IP address, subnet, network, netgroup, or range of source or destination;
URL of the sender or group of URLs;
Service (e.g., HTTP, FTP) or groups of services;
FTP and HTTP, file types can be selected as well;
Time of day, day of week/month; and
Inbound and outbound information.

As shown above, traffic classes are directional. Traffic classes configured for inbound traffic are managed separately from traffic classes configured for outbound traffic. For example, the present tool may decide to guarantee a minimum bandwidth to critical traffic so that it is not affected by congestion from large downloads. Additionally, the present tool may want to monitor Push traffic for a while and then choose to limit it if it is perceived as a problem. Traffic classes can also be for measurement only or for control and measurement in some embodiments. These are merely examples and should not limit the scope of the claims herein.

2. Traffic Policies

Traffic policies are generally mechanisms used to control the traffic behavior of specific classes. In an embodiment, the present tool can configure policy properties which provide, for example:

Bandwidth guarantees — granting classes a minimum bandwidth in the presence of congestion or competition;
Bandwidth limits — establishing a limit on the total bandwidth used by the class;
Setting priorities — establishing a priority order for bandwidth limiting or servicing traffic from a class. (That is, high priority classes are serviced first and are affected the least during contention for bandwidth. Lower priority classes are serviced in order of priority and may be more affected by congestion or contention);
Admission control — establishing conditions under which a new network session or service request is admitted or not admitted. (This kind of policy establishes a broad bandwidth control or service quality for sessions already admitted).

As shown, the present invention provides policies such as bandwidth guarantees, bandwidth limits, setting priorities, admission control, and others. It may assist the reader in understanding some of the terms used in the policies by drawing an analogy with a geographical highway for automobiles. For example, bandwidth relates to how fast one can go (e.g., fast or slow lane) once a user has entered the stream of traffic on the highway. That is, the physical limit for speed is set by the lane chosen. Priority is analogous to how quickly one can get onto the highway and move into a designated lane, and how often the user may have to temporarily give way to other vehicles during the drive. Admission control is analogous to the metered lights at the highway entrance, which regulate entry under congested conditions. Of course, depending upon the application, other analogies can be used to explain the policies. Additionally, the policies are merely examples and should not limit the scope of the claims herein.

3. Rules

A rule generally includes a traffic class and a policy associated with the class. A class can have several policies for different time intervals. Rule is also used to refer to a policy or to a specific row in the present tool user interface. The present tool user interface is described in, for example, U.S. application Ser. No. 60/067,857, commonly assigned, which is hereby incorporated by reference for all purposes.

4. Traffic Entities

The present tool refers to entities in at least two different contexts: defining traffic classes and viewing traffic profiles. For example, a network entity generally refers to an IP address, host, subnet, IP net, IP range, URL or a group of network entities. A service entity refers to a single service or a group of services. A native entity is referred to in viewing traffic profiles. No rule setting or configuration is required to monitor these entities. When the present tool is installed, it begins to profile traffic based upon detected services, clients, or servers, all of which are called native entities.

5. Guidelines for Developing Traffic Policies

The present invention provides some guidelines for developing traffic policies. For example, to develop meaningful and effective traffic policies, the present tool may need to understand and take into account one or more of the following:

The kind of business being performed by the user over the Internet. If the user is an ISP, the user may need to develop a business/pricing model that leverages the features of the present tool. If the user is managing corporate access to the Internet, the user may want to identify any business critical services being provided over the Internet.
The priority of clients, servers and URLs hosted in the user's network or servers accessed over the Internet. This can be organized as business critical, casual and personal.
The properties of different applications being used, whether they utilize lots of bandwidth or not. The user may also need to account for the type of files commonly downloaded by users or from the Web site.
Measure and analyze traffic using the present tool's profiles. Additionally, monitoring of selected entities (e.g., users, services) may also be useful.

In a further embodiment, the present tool provides some general guidelines for some commonly used applications. These guidelines should be used in conjunction with business driven priorities, traffic profiling, and selective real-time monitoring to establish an effective traffic policy. Selected guidelines are defined as follows, but are not limited to these.

Delay-sensitive low bandwidth applications, such as TELNET and DNS, are controlled best by setting a high priority policy. The present tool can give the highest priority to all network control traffic, such as QoS signaling, session establishment, domain lookup and routing protocols.
Streaming multimedia applications, such as Real Audio/Video and Vxtreme, can hog a lot of bandwidth but are also delay and bandwidth sensitive. If they are not critical, they are controlled best by setting a high priority and a policy to limit admission of sessions so that bandwidth use is capped but admitted sessions have a reasonable quality.
Push technologies, such as PointCast and Marimba, download large files, are not delay or bandwidth sensitive and usually not business critical. They are best
controlled by a limiting bandwidth policy and a low priority.
Bulk-data non-interactive applications, such as SMTP and NNTP, should be guaranteed a small bandwidth minimum so that they are not totally squeezed out by congestion or control policies.
Bulk-download, nominally interactive applications, such as FTP or some HTTP downloads, are commonly used in a variety of situations, ranging from critical to casual. Differentiating various types of usage in this case can usually be made only on the basis of file types and/or source or destination addresses. In this case, a small minimum can be guaranteed for more important
In bulk-download applications (e.g., file size>20 K Bytes), overall congestion and burstiness can be controlled by slightly limiting this traffic, even if it is just a little below the total available bandwidth (e.g., 90%). The present tool can provide smoothing controls on this traffic without impacting overall perceptible performance for these downloads. This is particularly useful at lower link speeds (128 K and below).
Mission critical applications, such as Lotus Notes, Oracle SQLNet, and LDAP, are controlled best by setting a high priority with a guaranteed bandwidth minimum.

The above provides some guidelines for commonly used applications according to the present invention. Using the above guidelines, the present tool can effectively allocate bandwidth on a network, for example. Again, the above guidelines are merely examples and should not limit the scope of the claims herein.

In a specific embodiment, the present tool provides a comprehensive, flexible, rule-based paradigm for implementing traffic control, as illustrated by a simplified flow diagram 800 of FIG. 8. This flow diagram 800 is merely an illustration and should not limit the scope of the claims herein. One of ordinary skill in the art would recognize other variations, modifications, and alternatives. Before explaining the flow diagram, it may assist the reader by reviewing some general terms used herein.

These terms include, among others, "rules" and "classes" and "policies." Rules can be created for very specific groups of flows or more general groups of flows, which are commonly all the stuff that transmits to and from a link to a gateway point. Groups of flows are also referred to as traffic classes, but are not limited to such classes. Classes also can be defined by source, destination, application, file types, URLs, and other features. Policies can be specified to control traffic flows in terms of overall bandwidth guarantees, bandwidth limits, priority of service, how individual sessions within a class are serviced or admitted, and other aspects. The present tool also has intelligent policy validation that prevents users from defining any contradictory or ambiguous rules. Policy validation is generally a higher level check used by way of the present method.

The present method occurs at start, which is step 801, for example. In general, a flow of information or data or packets of information enter a gateway point, where the present tool sits. The present method classifies (step 803) the flow of information. Groups of flows can be referred to as traffic classes, but are not limited to such classes. Classes also can be defined by source, destination, application, file types, URLs, and other features. Other examples of classes were previously noted, but are not limited to these classes. In general, step 803 classifies the flow of information received into one of a plurality of predetermined classes.

The present tool measures parameters for each of the classes in step 805, which were received, for example. These parameters are based upon the policy or rule, which may be applied in a later step. As merely an example, parameters include the class itself, file sizes, and other information, which can be used by the policy or rule to apply the policy or rule to improve the quality of service for the network. After measuring the parameters, the present method applies a time stamp (step 807) on the parameters to correlate the class of information received to a time, for example.

A step of determining whether to apply a policy occurs in the next step 809. For example, if the class and the time (and the link state in some embodiments) meet predetermined settings, the policy is applied to the class in step 811 through branch 810. Alternatively, if one of the elements including the class, the time, or the link state does not meet the predetermined settings, the policy does not apply and the process continues to measure parameters through branch 808. Alternatively, the process continues to measure parameters through branch 821 after the policy is applied to the flow of information for the class.

Depending upon the application, the policy is used to improve the quality of service of the network by performing at least one of a number of functions for the class of information from the flow. These functions include, among others: bandwidth guarantees, bandwidth limits, setting priorities, admission control. The present process can also halt or stop as shown in step 815. The steps occur, in part, by way of the modules, which were previously described, but can also occur using other techniques including a combination of hardware and software, for example. These sequences of steps are merely illustrative and should not limit the scope of the claims herein. One of ordinary skill in the art would recognize other modifications, alternatives, and variations.

The present tool controls flow of information using a combination of flow control and queuing algorithms for both outbound and inbound traffic, as shown in the simplified flow diagram 900 of FIG. 9. The algorithms work in an adaptive manner to control traffic at the source taking into account existing network congestion conditions. This results in control and measurement capabilities that scale from low to high link speeds. It can handle thousands of concurrent sessions and hundreds of rules while maximizing link utilization and minimizing congestion and packet dropping at the bottleneck point.

The present method begins with a start step. In general, a flow of information or data or IP packets of information enter a gateway point, where the present tool sits. The present method classifies the flow of information. Groups of flows can be referred to as traffic classes, but are not limited to such classes. Classes also can be defined by source, destination, application, file types, URLs, and other features. Other examples of classes were previously noted, but are not limited to these classes. In general, step 903 classifies the flow of information received into one of a plurality of predetermined classes including for example a first group of information and a second group of information. The first group of information is generally more easily controlled using flow control techniques. The second group of information, however, is generally more easily controlled using queuing techniques. Classification occurs using an intelligent adaptation process, which separates for example TCP based 905 information and non-TCP based 907 information.

Information to be flow controlled goes to a flow control 909 engine or module. The flow control engine or module outputs 913 the information in a controlled manner using conventional flow control techniques such as those used for TCP control over the Internet. Alternatively, information to be queued goes to a queuing 911 engine or module. The queuing engine or module separates the flow of information into selected types of information, which are placed in selected queues to be transferred to a link. These selected types include RSVP, IPSEC, ICMP, and others. Each of the selected types of information is queued 915 according to type. The flow controlled information and the queued information transfer to a link or a user in a controlled manner.

The present combination of flow control and queuing can be applied to an Internet environment according to an embodiment. In particular, the application can have, for example, variation in link speeds (e.g., 14.4 kbits/second to T3 and beyond), variation in application requirements (e.g., DNS/TELNET versus bulk-data transfer applications, real-time versus non-real-time applications, TCP versus UDP, etc.), and variation in user requirements (e.g., casual versus business critical). The present embodiment uses a combination of flow control and queuing techniques, rather than a single one of these techniques as is taught by conventional thinking. In some embodiments, the present combination of elements uses flow control techniques for a WAN access link for incoming packets of information. The present embodiment uses queuing in the outbound traffic direction, which prioritizes packets over a possible bottleneck at the WAN link. In other applications, traffic control such as queuing in the inbound direction is not used or inbound traffic is substantially free from queuing. In these embodiments, flow control can be used for inbound traffic in combination with outbound queuing techniques. Of course, the specific combination of queuing and flow control depends upon the application.

The present flow control and queuing techniques can be performed by way, at least in part, of the FAIR module, which has been described. This module is predominately software based and can be implemented on a WindowsNT™ operating system from Microsoft Corporation, but is not limited to this operating system. Additionally, the present method can be further separated or even combined using a variety of software and hardware elements.

In a most general application, the present method provides a combination of flow control and queuing techniques for flow control of information to and from a network of computers. Flow control behavior refers to having end-points adjust their transfer rates in response to congestion indicators or under gateway control. This applies to both inbound and outbound traffic. In the preferred embodiment, the end-points implement TCP/IP flow control.

TCP flow control uses the concept of "window size" to enable a receiver end-point to indicate how much data the source end-point can send in a burst at any given time. To do this, the receiver transmits a window size limit to the source. TCP utilizes timeouts and duplicate acknowledgment signals (ACKs) to initially determine network congestion, and then utilizes the concept of window size as a tool to prevent and respond to the congestion. To do all this accurately and efficiently, TCP uses a half-dozen subtly intertwined algorithms. Congestion control is done reactively and coarsely and typically involves long delays and retransmitted traffic on the network. ACKs are used to avoid overall network collapse.

In an embodiment, a gateway at the route bottleneck (e.g., the Internet access line) is used to invoke this window size flow control mechanism in a proactive manner by screening bandwidth use and updating the sources. Typically, control applies over relatively large time scales (typical Internet round-trip times).

In alternative embodiments of the present invention, ICMP Source Quenching can also be used to serve as a flow control mechanism. ICMP Source Quenching is an IP mechanism typically invoked by routers to indicate buffer overflow. BSD based TCP/IP stacks will effect a sharp backing off of TCP data traffic bursts on receipt of such ICMP packets.

To achieve control over inbound traffic, the present invention invokes flow control at the source to spoof window size packets. This technique is also applied as a high-level control over the outbound fair scheduler in order to control congestion, preferably when traffic is not subject to admission control. Further, a fair scheduler for inbound communications is used to identify which classes may need to be controlled at the source.

The present tool also supports a rule-based and real-time monitoring capability for highly granular and time-critical monitoring. For example, problems may be diagnosed by setting up a rule for measuring the affected entities and tracking key measures in a performance monitor. As it is deployed at a key access point, the present tool is in a position to monitor a problem area in the context of overall traffic quickly and easily.

In an embodiment, the present tool provides congestion, utilization, and performance degradation reports, which make day to day troubleshooting much simpler and serve to justify or validate policy setting decisions. For example, a chronic problem affecting a service through a day period (i.e., 24 hours) can be monitored by a combination of real-time monitoring, which will be described in more detail below, and congestion reports. By monitoring and using the reports, it can be determined that the affected service is not getting its fair share of bandwidth, or that a limitation exists at the server or the Internet backbone.

Conclusion

In the foregoing specification, the invention has been described with reference to specific exemplary embodiments
thereof. Many changes or modifications are readily envisioned. For example, the present invention can be applied to manage a variety of TCP/IP network traffic types for the Internet and Intranet. Further, the techniques can also be applied to Novell SPX, Xerox XNS or any protocol with a similar "flow-control" design that utilizes windows and acknowledgment signals (similar to ACK).
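Looking back at the rule-based cycle of FIG. 8 and the traffic class, policy and rule components described earlier, here is an added illustration in Python; it is not code from the patent. The class names, the rule validation check and the allocation order (guarantees first, then the remainder in priority order up to each class limit) are assumptions of this sketch, and the rules and flows are constructed sample data.

```python
# Added illustration, not code from the patent. Allocation order (guarantees
# first, then priority order up to each limit) and all names are assumptions.
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class TrafficClass:
    name: str
    direction: str                   # classes are directional: "in" or "out"
    service: Optional[str] = None    # e.g. "HTTP", "FTP", "SQLNet"
    subnet: Optional[str] = None     # peer address must fall inside this subnet
    hours: tuple = (0, 24)           # time-of-day window [start, end)

    def matches(self, flow: dict, when: datetime) -> bool:
        return (flow["direction"] == self.direction
                and (not self.service or flow["service"] == self.service)
                and (not self.subnet or ip_address(flow["peer"]) in ip_network(self.subnet))
                and self.hours[0] <= when.hour < self.hours[1])


@dataclass
class Policy:
    guarantee: float = 0.0               # minimum kbit/s under congestion
    limit: float = float("inf")          # maximum kbit/s for the class
    priority: int = 5                    # 1 = serviced first
    max_sessions: Optional[int] = None   # admission control, None = unlimited


@dataclass
class Rule:
    cls: TrafficClass
    policy: Policy


def validate(rules) -> list:
    """Policy validation: a guarantee above the class's own limit is contradictory."""
    errors = []
    for r in rules:
        if r.policy.guarantee > r.policy.limit:
            errors.append(f"{r.cls.name}: guarantee exceeds limit")
    return errors


def classify(flow, rules, when):
    """Step 803: first matching rule wins; None means measure only."""
    for r in rules:
        if r.cls.matches(flow, when):
            return r
    return None


def allocate(flows, rules, when, link_kbps):
    """Steps 805-811 for one interval in one direction: measure demand per class
    (honouring admission control), hand out guarantees, then the remainder by priority."""
    errors = validate(rules)
    if errors:
        raise ValueError("; ".join(errors))
    demand, sessions = {}, {}
    for f in flows:
        r = classify(f, rules, when)
        if r is None:
            continue
        n = r.cls.name
        sessions[n] = sessions.get(n, 0) + 1
        if r.policy.max_sessions and sessions[n] > r.policy.max_sessions:
            continue                      # session not admitted
        demand[n] = demand.get(n, 0.0) + f["demand_kbps"]
    policy = {r.cls.name: r.policy for r in rules}
    alloc = {n: 0.0 for n in demand}
    left = float(link_kbps)
    for n in demand:                      # pass 1: guarantees, capped by demand and limit
        g = min(policy[n].guarantee, demand[n], policy[n].limit, left)
        alloc[n], left = g, left - g
    for n in sorted(demand, key=lambda k: policy[k].priority):   # pass 2: by priority
        want = min(demand[n], policy[n].limit) - alloc[n]
        give = max(0.0, min(want, left))
        alloc[n], left = alloc[n] + give, left - give
    return alloc


# Constructed sample rules: one inbound class per guideline in the text.
RULES = [
    Rule(TrafficClass("critical", "in", service="SQLNet", subnet="10.0.0.0/8"),
         Policy(guarantee=256, priority=1)),
    Rule(TrafficClass("web", "in", service="HTTP", hours=(8, 18)),
         Policy(priority=5)),
    Rule(TrafficClass("push", "in", service="PointCast"),
         Policy(limit=128, priority=9, max_sessions=1)),
]
# Constructed sample flows measured in one interval (kbit/s of demand).
FLOWS = [
    {"direction": "in", "service": "SQLNet", "peer": "10.1.2.3", "demand_kbps": 300},
    {"direction": "in", "service": "PointCast", "peer": "192.0.2.10", "demand_kbps": 250},
    {"direction": "in", "service": "HTTP", "peer": "192.0.2.20", "demand_kbps": 200},
    {"direction": "in", "service": "HTTP", "peer": "192.0.2.21", "demand_kbps": 200},
    {"direction": "in", "service": "PointCast", "peer": "192.0.2.11", "demand_kbps": 250},
]
WHEN_DAY = datetime(2024, 1, 1, 10, 0)    # inside the web class's hours
WHEN_NIGHT = datetime(2024, 1, 1, 22, 0)  # outside them: HTTP is measure-only
```

With an 800 kbit/s link the push class is squeezed to what is left after the critical and web classes; with 1000 kbit/s it reaches its 128 kbit/s limit and no more.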

Alternative embodiments of the present invention can also 
be applied to a 'legacy' private WAN running IP as well as 
native Novell protocols if there is a need (e.g., file server 
and client/server traffic). Further, embodiments of the 
present invention can include monitoring, billing, and 
reporting features, thus allowing for enhanced client billing 
and internal cost accounting of network usage. 

These techniques are preferably implemented within a 
firewall platform to provide the following benefits: 
bidirectional bandwidth management of network links car- 
rying TCP traffic; reactive (short-time scale) and proactive 
(long time scale) control mechanisms; and gateway (local) 
and end-end (global) techniques for bandwidth control. This 
solution reduces their contribution to congestion in the 
Internet, and operates in present day heterogeneous wide 
area networks, such as the Internet, without requiring any 
client, server or router changes. 

The specification and drawings are, accordingly, to be 
regarded in an illustrative rather than a restrictive sense. It 
will, however, be evident that various modifications and 
changes may be made thereunto without departing from the 
broader spirit and scope of the invention as set forth in the 
claims. 

What is claimed is: 

1. A system for monitoring quality of service within a 
network of computers, said system comprising: 

a network of computers, each being coupled to each other 
to form a local area network; 

a link coupled to said network of computers; 

a traffic management tool coupled to said link, said traffic 
management tool configured to receive a flow of 
information, the flow of information including TCP 
based information and non-TCP based information, 
said traffic management tool comprising a flow control 
module and a queuing control module, wherein the 
flow control module is configured to transfer said TCP 
based information and the queuing control module is 
configured to transfer said non-TCP based information. 

2. The system of claim 1 further comprising a router 
between said link and said network of computers. 

3. A method of managing information at a gateway site for 
improving quality of service to a network of computers, said 
method comprising: 

providing a flow of information to a bandwidth manage- 
ment tool disposed at a server; 

classifying said flow information into at least a first 
portion and a second portion, the first portion including 
TCP based information and the second portion including 
non-TCP based information; 

applying flow control to said first portion of said infor- 
mation to be transferred to a first user location at said 
local area network; and 

queuing said second portion of said information to be 
transferred to a second user location at said local area 
network. 

4. A system for managing information at a gateway site 
for improving quality of service to a network of computers, 
said system comprising a computer memory comprising: 

a first code directed to classifying a flow information into 
at least a first portion and a second portion, said first 
portion including TCP based information and said 
second portion including non-TCP based information; 

a second code directed to applying flow control to said 
first portion of said information to be transferred to a 
first user location; and 

a third code directed to queuing said second portion of 
said information to be transferred to a second user 
location. 

5. The system of claim 1 wherein said link includes an 
incoming flow of information selected from source, 
destination, application, file type, or URL. 

6. The system of claim 1 wherein said traffic management 
tool implements traffic control using one or more policies in 
the presence of traffic congestion or competition. 

7. The system of claim 6 wherein said one of said policies 
is bandwidth guarantee, said bandwidth guarantee providing 
a selected bandwidth for a selected traffic class. 

8. The system of claim 6 wherein said one of said policies 
is bandwidth limit, said bandwidth limit providing a band- 
width limit for a selected traffic class. 

9. The system of claim 6 wherein said one of said policies 
is setting priorities, said setting priorities establishing an 
order for allocating bandwidth for selected classes. 

10. The system of claim 6 wherein said one of said 
policies is admission control, said admission control estab- 
lishing conditions for selectively admitting a service. 

11. The method of claim 3 wherein said second portion of 
said information is selected from RSVP or IPSEC (e.g., 
non-TCP on top of IP). 

12. The method of claim 3 wherein said flow of informa- 
tion is classified IP packets. 

13. The method of claim 3 wherein said first user location 
is the same as said second user location. 

14. The method of claim 3 wherein said step of applying 
flow control occurs in an intelligent adaptation engine. 

15. The method of claim 3 wherein said step of queuing 
occurs in an intelligent adaptation engine. 

16. The method of claim 3 wherein said second portion of 
said information is substantially free from a TCP protocol. 
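As an added example (not code from the patent or its FAIR module), the following Python models the classification, flow control and queuing of claims 3 and 4 together with the bandwidth limit and priority policies of claims 8 and 9. The receive-window clamp used for TCP flow control, the per-class token-bucket queue, and the class names, rates and packets are assumptions of this example.

```python
# Added example, not the patent's own code: a toy model of the gateway of
# claims 3, 4 and 7 to 10. Packets are classified into a TCP portion that
# receives flow control and a non-TCP portion that is queued. The window
# clamp and the per-class token-bucket queue are assumed illustrative
# realizations; class names, rates and packets are constructed samples.
from collections import deque
from dataclasses import dataclass

@dataclass
class Packet:
    proto: str           # "tcp" or another IP protocol name such as "udp"
    traffic_class: str   # policy class assigned by an upstream classifier
    size: int            # packet size in bytes
    rwnd: int = 0        # receive window advertised on TCP ACKs, in bytes

class Gateway:
    def __init__(self, policies, rtt_s=0.1):
        # policies: class -> {"limit_bps": bandwidth limit, "priority": 1 = highest}
        self.policies, self.rtt_s = policies, rtt_s
        self.queues = {c: deque() for c in policies}
        self.tokens = {c: 0.0 for c in policies}   # token bucket level in bytes

    def classify(self, pkt):
        return "tcp" if pkt.proto == "tcp" else "non-tcp"

    def flow_control(self, pkt):
        # A window-limited sender transmits at most rwnd/RTT bytes per second,
        # so capping the window advertised back to it bounds its rate.
        limit_bytes_s = self.policies[pkt.traffic_class]["limit_bps"] / 8
        pkt.rwnd = min(pkt.rwnd, int(limit_bytes_s * self.rtt_s))
        return pkt

    def handle(self, pkt):
        """Route one packet: TCP gets flow control, everything else is queued."""
        if self.classify(pkt) == "tcp":
            return self.flow_control(pkt)
        self.queues[pkt.traffic_class].append(pkt)
        return None

    def drain(self, interval_s):
        """Serve queued non-TCP packets for one interval, highest priority first."""
        served = []
        for cls, pol in sorted(self.policies.items(), key=lambda kv: kv[1]["priority"]):
            rate = pol["limit_bps"] / 8
            self.tokens[cls] = min(self.tokens[cls] + rate * interval_s, rate)  # 1 s burst
            q = self.queues[cls]
            while q and q[0].size <= self.tokens[cls]:
                self.tokens[cls] -= q[0].size
                served.append(q.popleft())
        return served
```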